BadBlock
BadBlock is ransomware that runs on Microsoft Windows. It is part of the Micropsia family. It is aimed at English-speaking users.

Payload Transmission

BadBlock is distributed via email spam and malicious attachments, phishing emails and links to sites infected with exploits, through malicious JavaScript, fake updates to Adobe Flash Player, and in other ways.

Infection

Unlike almost all other ransomware infections, BadBlock encrypts not only the user's data files but also the executables on the user's computer, including important Windows system files.

Most ransomware does not advertise its presence until all of the encryption has been completed. BadBlock goes in the opposite direction and clearly tells the user what it is doing while it is doing it. It also changes the wallpaper to one that says the following:

BadBlock is on the block!

This machine was infected with ransomware BadBlock. Many of your files are encrypted using RSA algorithm, and the key to decrypt this files is with us on our server.

'- What this means?'
It means that to decrypt and recover your files, you will need to pay a ransom, in bitcoins. The actual ransom for your machine is 2 bitcoins (USD -900.00). If you are not interested in pay this ransom, you can easily format this machine, or even remove BadBlock (it's not that hard), but all your files will become unrecoverable!

'- How do I pay?'
You simply buy bitcoins. and transfer them to this account: 19zvMSm7qSQgFXCckXBJstdVdbT99ZuWBP
The amount is 2 bitcoins. like we talked earlier ... You can use this link or this link to help you out on how to buy the bitcoins.

'- What happens after the payment?'
BadBlock still running on your computer right now. and waiting to detect one payment of 2 BTC on the address mentioned above. Once it detects, it will start to decrypt all the encrypted files. The process to detect the payment can take up to 2 hours, and only after this it will start decrypting your files. So after payment leave this machine powered. For this reason, we strongly recommend you to not try to remove BadBlock. and disable your anti-virus for a while, until you pay and the payment gets processed, to BadBlock start decrypting. If your anti-virus gets updated and remove BadBlock automatically, even if you pay the ransom, it will not be able to recover your files!

'- How do I know that you will really decrypt my files after payment?'
You don't You have only one choice to recover your files: pay the ransom. We have no interest in keeping your files locked for any reason. So right now. just rely on us and everything will be fine.

If the user reboots the computer after BadBlock has encrypted it, the computer will no longer start and the victim will be greeted with a message. This is because executables that are required to start Windows have been encrypted.
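
A triage check for the behaviour described above, as an added example that is not part of the original page: it lists files with executable extensions whose MZ/PE header no longer parses, which helps scope how many binaries need restoring. It assumes the encryption overwrites the start of the file and leaves the file name unchanged, neither of which the page states; the function names and sample files are constructed for illustration.

```python
import os
import struct
import tempfile

EXEC_EXTS = {".exe", ".dll", ".sys"}

def pe_header_ok(path):
    """Return True if the file starts with a well-formed MZ/PE header."""
    with open(path, "rb") as f:
        dos = f.read(64)
        if len(dos) < 64 or dos[:2] != b"MZ":
            return False
        # e_lfanew at offset 0x3C points to the "PE\0\0" signature.
        (e_lfanew,) = struct.unpack_from("<I", dos, 0x3C)
        f.seek(e_lfanew)
        return f.read(4) == b"PE\0\0"

def find_damaged_executables(root):
    """Walk root and list executable-named files whose PE header is invalid."""
    damaged = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in EXEC_EXTS:
                continue
            full = os.path.join(dirpath, name)
            try:
                if not pe_header_ok(full):
                    damaged.append(full)
            except OSError:
                damaged.append(full)  # unreadable: report for manual review
    return sorted(damaged)

def build_sample_tree(root):
    """Constructed sample data: a minimal valid PE stub and a scrambled file."""
    good = bytearray(64)
    good[:2] = b"MZ"
    struct.pack_into("<I", good, 0x3C, 64)
    good += b"PE\0\0" + bytes(20)
    scrambled = bytes((i * 97 + 13) % 256 for i in range(128))
    samples = {"good.exe": bytes(good), "hit.dll": scrambled,
               "notes.txt": b"not an executable"}
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as f:
            f.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for path in find_damaged_executables(tmp):
            print("header invalid:", path)
```

A file that passes has only an intact header; comparing hashes against a known-good baseline is still needed to confirm the rest of the file.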